
A new cyber attack method that has recently emerged and is called "agentjacking" has caused a huge stir in the cybersecurity world by targeting AI-powered coding agents. In the attack, which occurred during controlled tests, AI tools such as Claude Code were completely compromised via a fake error report. While the attacker can run any malicious code they want using all the privileges possessed by the developer, no security alerts in the system were triggered. All existing security systems, including EDR, WAF, IAM, and firewalls, failed to detect this breach. This situation reveals how inadequate traditional security measures are against attacks targeting AI agents.
In the Haziran report prepared by Tenet Security, it is explained in detail that behind this attack lies a specially crafted error event sent through the Sentry error tracking system. In this method, which does not require any authentication or system breach, attackers use a public Sentry credential (DSN) to inject malicious instructions into the error data. The AI tools, thinking the system is a reliable diagnostic output, execute these instructions seamlessly with their own privileges. In tests conducted by the firm, it was stated that over 100 targets were successfully compromised and the attack's success rate was at the 85 percent level. In its statement on the matter, Sentry admitted that this architectural vulnerability technically has no defensible structure.
This method, which has also attracted the attention of reputable organizations such as Cloud Security Alliance (CSA), has quickly been classified as a systemic MCP (Model Context Protocol) vulnerability class. The most dangerous aspect of the aforementioned attack is that each cascading step is carried out within the framework of legal authorizations. During this process, no credentials are stolen, no security policy is violated, and system boundaries are not breached in any way. In the research conducted by Tenet Security, it was determined that more than 2 thousand organizations globally have public Sentry credentials susceptible to injecting such malicious events. In a compromised real Claude Code environment, it was revealed that there were ready-to-use AWS secret access keys and private repository addresses.
Evaluations made by experts on the subject confirm that all AI coding agents connected to Sentry, Datadog, PagerDuty, Jira, and even other MCP-powered data sources trusted by developers are affected by this blindness. Because the Sentry architecture intentionally keeps DSN credentials public to enable front-end error reporting, the solution to the problem does not solely lie in revoking these credentials. CrowdStrike CTO Elia Zaitsev draws attention to the lack of "runtime" control, which underlies this massive security vulnerability created by AI agents. Stating that agents act like highly privileged users, access the system, and reason, Zaitsev emphasizes the need for new and dynamic security networks to authorize agents in real time.
Independent surveys conducted in the first half of the 2026 also reveal that organizations are far from the level of care they need to show towards AI agents. Comprehensive research by firms such as Okta, HiddenLayer, and Gravitee shows that less than a third of organizations apply the security rules they enforce for human employees to AI agents. Contrary to the exaggerated sense of security held by executives, a large portion of field staff state how ambiguous the governance processes of these agents are. Experts like Kayne McGladrey, a senior member of IEEE, state that this governance and security vulnerability essentially stems from a lack of budget and personnel. Until this vulnerability is closed, these next-generation cyber threats, where every authorized access creates a new attack surface, will continue to pose a serious risk to the entire world.
इस खबर के बारे में पूछें
उत्तर केवल इस खबर से AI द्वारा।
यह एआई द्वारा बनाया गया संक्षिप्त सारांश है। पूरी खबर स्रोत पर है।
स्रोत पर पूरी खबर पढ़ेंventurebeat.com